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DETAILED ACTION 

1. Applicant's submission for RCE filed on March 14, 2007 has been entered. 

2. Claims 29, 31-35, 43-52 are pending. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 45-52 are rejected under 35 U.S.C. 101 because the claimed invention is 

directed to non-statutory subject matter. 

Claim 45 recites "A computer program product for monitoring a networked computer 
system, the computer program product comprising computer program code embodied in 
a storage medium, the computer program code comprising: program code configured to 
sequentially poll a plurality of devices of the networked computer system for data 
relating to network communications thereof; program code configured to detect an 
anomaly responsive to polling of a first device in the computer system using network- 
based intrusion detection techniques comprising analyzing data entering into a plurality 
of hosts, servers, and computer sites in the networked computer system; and 
program code configured to determine a second device that is anticipated to be 
affected by the anomaly by using pattern correlations across the plurality of hosts, 
servers, and computer sites following the detection of the anomaly and prior to polling of 
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the second device. The computer program product claim is merely stored so as to be 
read or outputted by a computer without creating any functional interrelationship, 
either as part of the stored data or as part of the computing processes performed by the 
computer, then such descriptive material alone does not impart functionality either to the 
data as so structured, or to the computer. When nonfunctional descriptive material is 
recorded on some computer-readable medium, in a computer or on an 
electromagnetic carrier signal, it is not statutory since no requisite functionality 
is present to satisfy the practical application requirement. Therefore, claim 45 
recites non-statutory subject matter. 

Claims 46-52 depend on claim 45, therefore they are rejected with the same rationale 
applied against claim 45 above. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole 'would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 29, 32, 33, 35, 43, 44, 45, 47, 48, 50-52 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Aucsmith et al (US Pub. No. 2003/0110392) 
and in view of Sheikh et al (US Pub. No. 2002/0078382). 
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As per claim 29 , Aucsmith discloses: 

detecting an anomaly at a first device in the computer system using network-based 
intrusion detection techniques comprising analyzing data entering into a plurality of 
hosts, servers and computer sites in the networked computer system [Fig. 1, paragraph 
0037-0039, Fig. 2 step 206]; 

determining a second device that is anticipated to be affected by the anomaly by using 
pattern correlations across the plurality of hosts, servers, and computer sites following 
the detection of the anomaly and prior to polling of the second device (i.e. possible 
security problem) [Fig.1, paragraph 0043-0046, 0050, 0051, 0012, 0013]. 
Aucsmith teaches detecting an anomaly at a first device in the computer system [Fig. 1, 
paragraph 0039] and determining possible security intrusions/anomaly following the 
detection of the anomaly at the client [paragraph 0050,0051]. Aucsmith doesn't 
expressively mention polling a plurality of devices of the networked computer system. 
Sheikh teaches: 

polling a plurality of devices of the networked computer system in a predetermined 
sequential order for information relating to network communication thereof [Fig. 1, 1A, 
paragraph 0032 lines 5-9, 0042, Fig. 4]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Sheikh with Aucsmith, since one would have been 
motivated to monitor the computer network systems for security purposes [Sheikh, 
paragraph 003]. 
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As per claim 32 , the rejection of claim 29 is incorporated and Aucsmith teaches: 

the anomaly comprises one of an intrusion and an intrusion attempt [paragraph 0027 

lines 7-17]. 

As per claim 33 , the rejection of claim 29 is incorporated and Aucsmith teaches: 
analyzing a plurality of data packets with respect to predetermined patterns [Fig. 1 ? 
paragraph 0039]. 

As per claim 35 , the rejection of claim 29 is incorporated and Aucsmith teaches: 
controlling the 'second device responsive to determining the second device is 
anticipated to be affected by the anomaly [paragraph 0012, 0013, Fig. 1]. 

As per claim 43 , the rejection of claim 35 is incorporated and Aucsmith teaches: 
controlling a firewall of the second device responsive to determine the second device is 
anticipated to be affected by the anomaly [Fig. 1, paragraph 0054, 0057]. 

As per claim 44 , the rejection of claim 35 is incorporated and Aucsmith teaches: 
Sending an alert to the second device prior to polling of the second device [Fig. 1, 
paragraph 0012, 0013, 0051]. 



As per claim 45 , it encompasses limitations that are similar to limitations of claim 29. 
Thus, it is rejected with the same rationale applied against claim 29 above. 
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As per claim 47 , the rejection of claim 45 is incorporated and it encompasses limitations 
that are similar to limitations of claim 32. Thus, it is rejected with the same rationale 
applied against claim 32 above. 

As per claim 48 , the rejection of claim 45 is incorporated and it encompasses limitations 
that are similar to limitations of claim 33. Thus, it is rejected with the same rationale 
applied against claim 33 above. 

As per claim 50 , the rejection of claim 45 is incorporated and it encompasses limitations 
that are similar to limitations of claim 35. Thus, it is rejected with the same rationale 
applied against claim 35 above. 

As per claim 51 , the rejection of claim 50 is incorporated and it encompasses limitations 
that are similar to limitations of claim 43. Thus, it is rejected with the same rationale 
applied against claim 43 above. 

As per claim 52 , the rejection of claim 45 is incorporated and it encompasses limitations 
that are similar to limitations of claim 44. Thus, it is rejected with the same rationale 
applied against claim 44 above. 
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5. Claims 31 and 46 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Aucsmith et al (US Pub. No. 2003/0110392) in view of Sheikh et al (US Pub. No. 
2002/0078382) and in view of Wolff et al. (US Pub. No. 2002/0174358). 

As per claim 31 , the rejection of claim 29 is incorporated and Aucsmith teaches that 
transmitting an anomaly warning from the first device to a central analysis engine, 
responsive to detecting the anomaly at the first device [Fig. 1, paragraph 0041 lines 1- 
5]. Aucsmith doesn't expressively mention that warning comprising a unique device 
identifier. 

However, Wolff teaches that warning (i.e. report) comprising a unique device identifier 
[paragraph 0017 lines 1-4]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Wolff with Aucsmith and Sheikh, since one would 
have been motivated to obtain accurate picture of anomaly and to identify a particular 
event and a device [Wolff, paragraph 0005 lines 1-2, 0010 lines 1-2]. 

As per claim 46 , the rejection of claim 45 is incorporated and it encompasses limitations 
that are similar to limitations of claim 31. Thus, it is rejected with the same rationale 
applied against claim 31 above. 
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6. Claim 34 and 49 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Aucsmith et al (US Pub. No. 2003/0110392) in view of Sheikh et al (US Pub. No. 
2002/0078382) and in view of Wada et al (US Patent No. 7,047,142). 

As per claim 34 , the rejection of claim 33 is incorporated and Aucsmith teaches 
analyzing the received the data packet by the device [Fig. 1, paragraph 0025, 0039]. 
Wada teaches analyzing packets/data by at least two devices in the networked 
computer system [col. 2 lines 18-23]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Wada with Aucsmith and Sheikh, since one would 
have been motivated to monitor the various devices for predicting a/an failure/anomaly 
in the communication network [Wada, col. 1 lines 7-9]. 

As per claim 49 , the rejection of claim 48 is incorporated and it encompasses limitations 
that are similar to limitations of claim 34. Thus, it is rejected with the same rationale 
applied against claim 34 above. 
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Response to Amendment 

7. Applicant's submission for RCE filed on March 14, 2007 has been entered. In 
view of applicant's argument, new reference by Sheikh et al (US Pub. No. 
2002/0078382) is found and used in combination with various previously cited prior art. 
See new grounds of rejection above. 

Regarding to the Applicant's argument that the 35 USC § 101 rejections of claims 45-52 
are erroneous, Examiner disagrees with applicant's remark and still maintains that 
claims 45-52 recite non-statutory matter. See 35 U.S.C. 101 rejection above. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Flowers et al (US 7162742) - Interoperability of vulnerability and intrusion detection 
systems. 

Cambridge et al (US 7010696) — Method and apparatus for predicting the incidence of 
a virus. 

Ghosh et al (US 7181768) — Computer intrusion detection system and method based 
on application monitoring. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nirav Patel whose telephone number is 571-272-5936. 
The examiner can normally be reached on 8 am - 4:30 pm (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or.proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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